quick fix

Miroslav Stampar 2011-07-08 09:01:32 +00:00
parent c517e97a44
commit ba2c06c9dc
2 changed files with 3 additions and 3 deletions


@ -89,7 +89,7 @@ def urldecode(value, encoding=None):
return result
def urlencode(value, safe="%&=", convall=False, limit=False):
def urlencode(value, safe="%&=", convall=False, limit=False, failsafe=True):
if conf.direct or PLACE.SOAP in conf.paramDict:
return value
@ -104,7 +104,7 @@ def urlencode(value, safe="%&=", convall=False, limit=False):
# corner case when character % really needs to be
# encoded (when not representing url encoded char)
if all(map(lambda x: '%' in x, [safe, value])):
if failsafe and all(map(lambda x: '%' in x, [safe, value])):
value = re.sub("%(?![0-9a-fA-F]{2})", "%25", value, re.DOTALL | re.IGNORECASE)
while True:
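Review bot: The `re.sub` call guarded by the new `failsafe` condition passes `re.DOTALL | re.IGNORECASE` as the fourth positional argument, which is `count`, not `flags`. The flags are therefore ignored and only the first 18 stray `%` characters are rewritten to `%25`; any later ones pass through unescaped. Neither flag is needed for this pattern (it has no `.` and the character class already lists both cases), so the call can be `value = re.sub("%(?![0-9a-fA-F]{2})", "%25", value)`. The new `failsafe` parameter also has no documentation; a comment like `# failsafe: escape '%' that is not the start of a %XX sequence` above the condition would state what turning it off skips. urlencode's body continues outside the hunks shown.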


@ -529,7 +529,7 @@ class Connect:
# throughly without safe chars (especially & and =)
# addendum: as we support url encoding in tampering
# functions therefore we need to use % as a safe char
payload = urlencode(payload, "%", False, True)
payload = urlencode(payload, "%", False, True, not kb.tamperFunctions)
value = agent.replacePayload(value, payload)
elif place == PLACE.SOAP:
# payloads in SOAP should have chars > and < replaced
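Review bot: The changed call now passes four positional arguments, two of them bare booleans and one a negated expression, so the reader has to open urlencode's signature to see what `not kb.tamperFunctions` controls. Keywords would make it self-describing: `payload = urlencode(payload, "%", convall=False, limit=True, failsafe=not kb.tamperFunctions)`. The comment above the call explains why `%` is a safe char but not why the `%` escaping is switched off once tamper functions are loaded. As far as these lines show, a literal `%` in the payload that no tamper function produced would then go out unescaped, which is worth either documenting or confirming as intended.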